Microsoft Defender SmartScreen Flaw Exploited by Hackers

windows defender smartscreen

In a significant cybersecurity development, a newly discovered flaw in Microsoft Defender SmartScreen was exploited by a sophisticated hacking group, Water Hydra (also known as DarkCasino). This group has been targeting financial traders with a dangerous malware campaign.

Understanding the Flaw

The infection procedure documented by Trend Micro, identified as CVE-2024-21412, involves a bypass vulnerability that affects Internet Shortcut Files (.URL). This vulnerability allowed hackers to circumvent Microsoft Defender SmartScreen’s security measures, leading to malicious software, dubbed DarkMe, being installed on victims’ devices without their knowledge.

How the Attack Works

Hackers used the CVE-2024-21412 flaw to trick victims into clicking on a seemingly harmless link. This link, often shared on forex trading forums, pretends to lead to a stock chart image. However, it’s actually a trap that downloads a malicious installer file when clicked.  The attackers cleverly manipulated internet shortcut files and used a series of redirects to bypass security screens. They exploited the “search:” application protocol to mislead users into opening a potentially harmful link through Windows Explorer, bypassing traditional security prompts.

Microsoft’s Response

Microsoft has addressed this security issue in its February Patch Tuesday update. The update aims to prevent unauthenticated attackers from exploiting this flaw by distributing specially crafted files.  Upon successful exploitation, the DarkMe malware is stealthily installed, allowing hackers to execute further malicious activities. This includes downloading additional malware, connecting to a control server, and extracting sensitive information from the infected system.

This incident highlights a growing trend where cybercriminals and nation-state hackers utilize zero-day vulnerabilities to conduct sophisticated cyberattacks. The technical prowess of groups like Water Hydra enables them to discover and exploit such vulnerabilities, posing a significant threat to cybersecurity.


 The exploitation of the Microsoft Defender SmartScreen vulnerability underscores the importance of staying aware and updating systems regularly. By understanding the tactics used by cybercriminals, individuals and organizations can better protect themselves against such advanced cyber threats

About Purple Shield Security

Purple Shield Security is not your typical cyber security consulting firm. We are the guardians of your digital realm, committed to protecting your business from the constantly evolving landscape of cyber threats. With a dedicated team of passionate security professionals by your side, we go above and beyond mere data and system protection – we provide you with peace of mind. Our comprehensive range of services includes Managed Cyber Security Services, Cyber Security Consulting, Cyber Security Risk Analysis, Cyber Security Defense Services, Security Incident Response, and more. By harnessing cutting-edge solutions and leveraging our expertise, we empower you to fortify your web applications and minimize vulnerability to attacks.

Don’t wait to secure your business. Get in touch with us today and discover how Purple Shield Security can revolutionize your cybersecurity defenses.

#cybersecuritynews #securitynews #datasecurity #applicationsecurity #vulnerabilityscanning #softwarevulnerability